Cortex Vulnerability Risk Score - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR 5.x Documentation
Product
Cortex XDR
License
XDR + Cloud
Creation date
2025-07-13
Last date published
2026-06-11
Category
Administrator Guide

Cortex's Vulnerability Risk Score (CVRS) offers a dynamic vulnerability risk-scoring approach to help you synthesize critical organization-specific information along with public vulnerability intelligence to provide customized accurate risk scoring. Leverage CVRS to bring in asset context, exploitability information, and the latest updates, to your risk assessment.

Cortex Vulnerability Risk Scores range from 0 to 100, with 100 representing the highest risk. Scores are updated on a daily basis or whenever a findings revision takes place. They are included on vulnerability findings and issues to enable efficient sorting and filtering of vulnerabilities based on risk. Find more details about the risk factors that determine each score on the issue details panel.

Use CVRS to quickly analyze, report, and remediate the highest-priority issues. In addition, CVRS helps you inform and align your team, so you can focus on the most critical issues.

CVRS Assessment Framework

Cortex XDR uses the following factors to determine the CVRS.

Risk factor

Description

Vulnerability Context

Uses the CVSS base score

Exploit Intelligence

Uses EPSS, CISA KEV, exploited in-the-wild, and exploit maturity data

Asset Risk

Evaluates public internet-exposed assets

Environment Risk

Leverages Attack Surface testing results to determine whether an asset is a package-in-use

Compensating Controls

Accounts for assets with Compensating Controls (requires Exposure Management add-on)

View Cortex Vulnerability Risk Score

The CVRS is displayed in the Vulnerability Issues table and details are included in the issue details.

  1. Navigate to Posture ManagementVulnerability ManagementVulnerability Issues.

    The Cortex Vulnerability Risk Score appears in the CVRS column in the table.

  2. Click on a row in the table to open the details panel.

    The Overview tab includes the vulnerability risk score, and the Evidence section includes a high-level summary of the evidence used to determine that score.

    The Risk Details tab provides details about each risk factor thatCortex XDR uses to determine the risk score.

You can also find the Cortex Vulnerability Risk Score and high-level risk score evidence on vulnerability findings.